[OpenAFS] Kerberos 5, AFS, and no krb524d
Lukas Kubin
kubin@opf.slu.cz
Sun, 8 Jun 2003 12:20:31 +0200 (CEST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Ok, so what do you mean here? Working?
>
> Do you mean AFS? Kerberos 5, AKlog.exe, Windows 2k/XP or all of the above?
All, together.
> 1. Do you have an existing AFS infrastructure that works?
Yes, OpenAFS 1.2.9 on Debian, fileserver and dbservers, without kaserver.
> 2. Do you have an existing Kerberos 5 infrastructure that works?
Yes, MIT Kerberos 1.2.4 on Debian.
Both of the above works fine when connecting from Linux machines. I can
mount the user's directory, work with rights etc.
> 3. Do you have Win2k/XP installed on one of your machines?
Yes. Currently our network is built on Novell Netware. I'm experimenting
with AFS/K5 on one Windows 98 and one Windows XP machine. I tried both,
let the Netware's client installed there and also uninstall it to see,
whether it is of some importance or not.
> 4. Do you have the OpenAFS client installed on the Win2k/XP machine?
Yes. I installed the latest for NT/2000 (on the XP box) and Windows 9x (on
the 98 box) I've found on openafs.org
> 5. Does the OpenAFS client work...out of the box, on the Win2k/XP machine?
What do you mean by "does work"? For Windows XP: I installed it
successfully, restarted and added the cell name and server mapping. I can
start the service. I can not mount anything. AFS Client pops up a window
"Error Mapping Network Drive" telling me to check available drive
letters. But starting from E: all are unused.
> 6. Have you installed the MIT Kerberos for Windows software to get
> Kerberos 5 tickets?
Yes and I'm getting the tickets.
On Windows XP: I get my user's ticket. Then I run aklog.exe and it
crashes. But after that I have the afs@REALM ticket addet to my ticket
list.
> 7. Are your Win2k/XP machines members of a Windows Active Directory domain?
No. I would like to use OpenLDAP instead.
> 8. Have you setup the Active Directory server and Win2k/XP machines to
> trust Kerberos realm?
> 9. Irregardless of AFS, can you logon to your Win2k/XP machines with your
> Kerberos realm password?
Not for now. I also don't know how to configure Windows to use the
credentials user types into winlogon for Kerberos authentication. I'll
need this feature.
> Btw, this is a mailing list. I'm subscribed to it. You don't need to
> reply directly to me, just reply to the mailing list please. Thanks.
Sorry. That was default behaviour of my mail client. I was too lazy to
change it.
Thank you for all the help.
lukas
> Rodney
>
> ...on any of 2000/XP
> >platform. Any suggestions?
> >Thank you.
> >
> >lukkas
> >
> >On 7 Jun 2003, Derek Atkins wrote:
> >
> > > Nothing is "impossible". You may not like it, but it is most assuredly
> > > possible. It may not be the best option, or the easiest option, but it
> > > is certainly an option. Even if you've got 4-year-old PCs you should be
> > > able to upgrade. It's just a matter of time.
> > >
> > > I've seen sites upgrade 2000+ machines... every year... So only 200
> > > is far from "impossible".
> > >
> > > -derek
> > >
> > > Lukas Kubin <kubin@opf.slu.cz> writes:
> > >
> > > > The upgrade is impossible for me now. It would need to be done on 200
> > > > mid-aged computers. There >must< be some solution. I just can't find it.
> > > > The problem for me is I can't find any useful docs. I need to know:
> > > >
> > > > 1. Which K5 to download
> > > > 2. Which OpenAFS version to download
> > > > 3. Which (aklog.exe)??? to download and from where
> > > >
> > > > for both Windows 98 and XP and how to configure it.
> > > >
> > > > Now, I have an K5 and OpenAFS servers running on Debian Linux. The
> > > > kaserver is (by default OpenAFS install on Debian) not running.
> > > > Until now, every aklog crashed when I tried to start it.
> > > >
> > > > lukas
> > > >
> > > > On 7 Jun 2003, Derek Atkins wrote:
> > > >
> > > > > Windows 9x is dead. Upgrade to an OS that was released this century.
> > > > >
> > > > > -derek
> > > > >
> > > > > Lukas Kubin <kubin@opf.slu.cz> writes:
> > > > >
> > > > > > Thank you for the very useful source of information for me.
> > > > > > Did you also try to do the same on Windows 9x ?
> > > > > >
> > > > > > lukas
> > > > > >
> > > > > > On Fri, 6 Jun 2003, Rodney M Dyer wrote:
> > > > > >
> > > > > > > At 10:15 PM 6/6/2003 +0200, Lukas Kubin wrote:
> > > > > > > >-----BEGIN PGP SIGNED MESSAGE-----
> > > > > > > >Hash: SHA1
> > > > > > > >
> > > > > > > >I absolutely agree. Is there any reason why it still hasn't
> > been done?
> > > > > > > >I don't have much to say, since I'm just starting with
> > OpenAFS/K5 but I
> > > > > > > >know this is what I need. I've spent this week just by filling
> > mailing
> > > > > > > >lists looking for a solution how to enable Windows to mount
> > AFS server
> > > > > > > >using K5 tickets. Unsuccessfully.
> > > > > > > >I'm not too skilled to help in programming it. Can I help any
> > other way?
> > > > > > >
> > > > > > > For some reason this question keeps coming up again, and again,
> > and again...
> > > > > > >
> > > > > > > We've been successful at using "aklog" within our IT group for
> > Windows
> > > > > > > XP. It wasn't really that much of a pain...hind-sight actually.
> > > > > > >
> > > > > > > See...
> > > > > > >
> > > > > > > http://www.coe.uncc.edu/~rmdyer
> > > > > > >
> > > > > > > Once I got the hang of it, I can now download both OpenAFS and MIT
> > > > > > > Kerberos, and compile them with "aklog" all in one shot, within
> > about an hour.
> > > > > > >
> > > > > > > The original "aklog.exe" from Ken H's site didn't work (it
> > crashed good)
> > > > > > > because all of the Kerberos DLL entry points were screwed up
> > since it was
> > > > > > > compiled with an older version of MIT Kerberos. The best thing
> > to do is
> > > > > > > just compile all "clean", then all the dll entry points should
> > match up
> > > > > > > perfectly.
> > > > > > >
> > > > > > > Rodney
> > > > > > >
> > > > > > > Rodney M. Dyer
> > > > > > > Windows Systems Programmer
> > > > > > > Mosaic Computing Group
> > > > > > > William States Lee College of Engineering
> > > > > > > University of North Carolina at Charlotte
> > > > > > > Email rmdyer@uncc.edu
> > > > > > > Phone (704)687-3518
> > > > > > > Help Desk Line (704)687-3150
> > > > > > > FAX (704)687-2352
> > > > > > > Office 267 Smith Building
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > OpenAFS-info mailing list
> > > > > > > OpenAFS-info@openafs.org
> > > > > > > https://lists.openafs.org/mailman/listinfo/openafs-info
> > > > > > >
> > > > > > >
> > > > > >
> > > > > > --
> > > > > > Lukas Kubin
> > > > > >
> > > > > > phone: +420596398285
> > > > > > email: kubin@opf.slu.cz
> > > > > >
> > > > > > Information centre
> > > > > > The School of Business Administration in Karvina
> > > > > > Silesian University in Opava
> > > > > > Czech Republic
> > > > > > http://www.opf.slu.cz
> > > > > >
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > OpenAFS-info mailing list
> > > > > > OpenAFS-info@openafs.org
> > > > > > https://lists.openafs.org/mailman/listinfo/openafs-info
> > > > >
> > > > > --
> > > > > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > > > > Member, MIT Student Information Processing Board (SIPB)
> > > > > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> > > > > warlord@MIT.EDU PGP key available
> > > > >
> > > > >
> > > >
> > > > --
> > > > Lukas Kubin
> > > >
> > > > phone: +420596398285
> > > > email: kubin@opf.slu.cz
> > > >
> > > > Information centre
> > > > The School of Business Administration in Karvina
> > > > Silesian University in Opava
> > > > Czech Republic
> > > > http://www.opf.slu.cz
> > > >
> > > >
> > > >
> > > >
> > >
> > > --
> > > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > > Member, MIT Student Information Processing Board (SIPB)
> > > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> > > warlord@MIT.EDU PGP key available
> > >
> > >
> >
> >- --
> >Lukas Kubin
> >
> >phone: +420596398285
> >email: kubin@opf.slu.cz
> >
> >Information centre
> >The School of Business Administration in Karvina
> >Silesian University in Opava
> >Czech Republic
> >http://www.opf.slu.cz
> >-----BEGIN PGP SIGNATURE-----
> >Version: GnuPG v1.2.1 (GNU/Linux)
> >Comment: Made with pgp4pine 1.75-6
> >
> >iD8DBQE+4fqrhukdIiZrwu4RAh0NAKCL8QoX6fSjg2Bk+Pxn+7SGO8PEzQCfYm2d
> >YcyAdgCHOP2oIy4qVoI6xIk=
> >=cV/c
> >-----END PGP SIGNATURE-----
> >
> >
> >
> >_______________________________________________
> >OpenAFS-info mailing list
> >OpenAFS-info@openafs.org
> >https://lists.openafs.org/mailman/listinfo/openafs-info
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>
- --
Lukas Kubin
phone: +420596398285
email: kubin@opf.slu.cz
Information centre
The School of Business Administration in Karvina
Silesian University in Opava
Czech Republic
http://www.opf.slu.cz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6
iD8DBQE+4w36hukdIiZrwu4RAvvbAJ9tM6OayX37mMeYvEXk4EHjBmx1HQCfY8mY
IByRctWVM4MX7ln1rrDow0I=
=AwgR
-----END PGP SIGNATURE-----